This is an automated email from the ASF dual-hosted git repository. alexoree pushed a commit to branch feature/release2124-again in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 828ccd500ea2eb1d96ebad57ac3ad1c7d64271be Author: Alex O'Ree <[email protected]> AuthorDate: Thu Apr 2 18:56:45 2026 -0400 some additional changes to make the new behavior configurable without recompile --- .../org/apache/wiki/variables/DefaultVariableManager.java | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/jspwiki-main/src/main/java/org/apache/wiki/variables/DefaultVariableManager.java b/jspwiki-main/src/main/java/org/apache/wiki/variables/DefaultVariableManager.java index 6c232236a..c61ee0e00 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/variables/DefaultVariableManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/variables/DefaultVariableManager.java @@ -153,16 +153,21 @@ public class DefaultVariableManager implements VariableManager { } // Faster than doing equalsIgnoreCase() final String name = varName.toLowerCase(); - if ( name.startsWith( "jspwiki" ) ) { - LOG.warn("variable manager is denying access to '" + name + "'"); + if (!"jspwiki.frontpage".equals(name) && + !"jspwiki.runfilters".equals(name) && + name.startsWith( "jspwiki" ) ) { + String whitelist = context.getEngine().getWikiProperties().getProperty("jspwiki.variablemanager.whitelist"); + if (whitelist!=null && !whitelist.contains(name)) { + LOG.warn("variable manager is denying access to '" + name + "'. to override this behavior, " + + "you can add this to jspwiki.variablemanager.whitelist in the properties file."); return ""; + } + } for( final String value : THE_BIG_NO_NO_LIST ) { if( name.equals( value ) ) { return ""; // FIXME: Should this be something different? } - if ("jspwiki.frontpage".equals(name)) continue; - if ("jspwiki.runfilters".equals(name) ) continue; } try {
